IT Security Audit

"Information security services to manage risk"

The National Cybersecurity Institute helps organisations manage risk through a range of information security services.

Governance Review and Creation

Governance is the cornerstone of strong security and a requirement for security accreditation. We specialise in governance documentation review and creation for the Australian government Protective Security Policy Framework (PSPF), the Australian government Information Security Manual (ISM), ISO 27001/2 and PCI DSS compliance.

Threat and Risk Assessments

A Threat and Risk Assessment (TRA) is an assessment of the threats and risks to information assets and a strategy of recommended controls to treat unacceptable risks.

To create the TRA we typically use workshops to leverage the knowledge of your staff, resulting in an improved outcome. In the workshops we go through the flows and usage of information and the credible threats to that information, and calculate the risk of each threat. The recommended actions to treat unacceptable risks are then discussed and agreed upon. The final step is to deliver a risk management strategy, built on this knowledge, that senior management can use to make informed decisions.

Internal Assessment

An internal system assessment may include:

  • Governance review and compliance assessment;
  • Interviews with key personnel;
  • Site inspection(s);
  • Assessment of the network architecture;
  • Device configuration reviews including security devices, servers and workstations;
  • Review of BYOD policies and practices; and
  • Internal penetration testing from the perspective of an authenticated but non-privileged user on the corporate network.

External Penetration Testing

Refer to our Penetration Testing service for more details.

Software Review

Software review involves inspecting software for security flaws or weaknesses. This is a valuable service if your software team do not have a strong understanding of security or if the project plan does not include security testing as a deliverable. Software reviews are cost-effective when compared to the costs of managing bugs and problems in production systems.

Staff Education

Annual staff education is an important aspect of cybersecurity. To make a lasting impact we focus on making the experience memorable by keeping it engaging with lots of 'war stories'.

Social Engineering

Social engineering is a good service to use if you think your staff lack appropriate security awareness and that this is exposing your information assets to undue risk. Combined with user education it is a very powerful tool for illustrating the importance of due process and proper care.

You may be surprised how far we can get with social engineering. Our experience ranges from physically accessing server rooms to collecting passwords over the phone to log in to systems remotely.

Contact us to discuss your cybersecurity requirements on 1300 521 622 or [email protected]